BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

New eEye Zero-Day Tracker Site is Up!

Posted September 22, 2010    Marc Maiffret

We are excited to announce the re-launch of our Zero-Day Tracker service. The Zero-Day Tracker, or ZDT, is your one-stop resource for an at-a-glance view of existing Zero-Day vulnerabilities. This includes descriptions of the extent and impact of the vulnerability and any potential mitigation that your IT team could take against a given Zero-Day vulnerability.

The ZDT is also an important tool to hold technology companies accountable. eEye has long believed that we are not only striving to provide IT folks the best Vulnerability Management solutions to combat vulnerabilities within their own organizations, but also that we must all work as a community to hold technology companies accountable for the timely and responsible fixing of security vulnerabilities.

As you’ll see on the eEye ZDT website, the number of Zero-Day vulnerabilities is certainly not slowing down. Maybe even more disconcerting is the fact that some vulnerabilities in the list have been known for months – a stark reminder that some technology companies will simply leave Zero-Day vulnerabilities unpatched for a period of time.

In addition to the dramatic increase in Zero-Day vulnerabilities, we’re also seeing an increase in the usage of Zero-Day vulnerabilities within common widespread cybercrime attacks rather than the norm of silent targeted attacks. These trends should serve as a reminder that in order to effectively secure your organization in today’s threat landscape, you must operate under the assumption that there are unpatched vulnerabilities that can affect your organization. It’s critical to ask yourself honestly if you’ve implemented technologies, configurations, and processes that go above and beyond the reactive security of traditional anti-virus, firewall, and intrusion detection technologies.

I personally invite you to take advantage of this newly launched service from the eEye Research Team. Please use it not only as a resource for yourself, but also as a shared tool to collectively hold technology companies accountable. At eEye, we’ve seen firsthand the power of the IT Security community to change the culture of security even at a company as large as Microsoft. So, in an effort to work together, please send us an email at research@eeye.com, if you know of a current or previously patched Zero-Day that’s not listed on our ZDT website. We will be sure to add it.

Look for more resources and tools from us over the coming months, as we continue to push for accountability across all technology companies. Let’s work to establish a new standard where they put security first and features second.

Tags:
, , , ,

Leave a Reply

Additional articles

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice.  Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Bash “Shellshock” Vulnerability – Retina Updates

Posted September 24, 2014    BeyondTrust Research Team

A major vulnerability was recently discovered within bash which allows arbitrary command execution via specially crafted environment variables. This is possible due to the fact that bash supports the assignment of shell functions to shell variables. When bash parses environment shell functions, it continues parsing even after the closing brace of the function definition. If…

pbps-blog3

7 Reasons Customers Switch to Password Safe for Privileged Password Management

Posted September 24, 2014    Chris Burd

It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. With that,…

Tags:
, , , , ,